AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims 
in the application: 

Listing of Claims: 
25. (Currently amended) A method for managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, the method comprising:

receiving a request at the database system to store data in the database system;

wherein the request is directed to storing data in a portion of the database system that has been designated as encrypted;

in response to receiving the request,

creating a digest of the data, and

automatically encrypting data within the database system using an encryption function to produce an encrypted data; and

storing the encrypted data in the database system;

wherein the digest is used to detect tampering with the encrypted data.



26. (Previously presented) The method of claim 25,

wherein the portion of the database system that has been designated as encrypted includes a column of the database system;

wherein the encryption function uses a key stored in a keyfile managed by a security administrator; and

wherein the encrypted data is stored using a storage function of the database system.

27. (Previously presented) The method of claim 26, further comprising:

receiving a request to retrieve data from the column of the database system;

if the request to retrieve data is received from a database administrator, preventing the database administrator from decrypting the encrypted data;

if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting the encrypted data; and

if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt the encrypted data.

28. (Previously presented) The method of claim 26, wherein the security administrator selects one of, data encryption standard (DES) and triple DES as a mode of encryption for the column.

29. (Previously presented) The method of claim 26, wherein the security administrator, a database administrator, and a user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.

30. (Previously presented) The method of claim 26, wherein managing the keyfile includes, but is not limited to:

creating the keyfile;

establishing a plurality of keys to be stored in the keyfile;

establishing a relationship between a key identifier and the key stored in the keyfile;

storing the keyfile in one of,
an encrypted file in the database system, and
a location separate from the database system; and

moving an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.



31. (Previously presented) The method of claim 30, wherein the key identifier associated with the column is stored as metadata associated with a table containing the column within the database system.
32. (Previously presented) The method of claim 30, further comprising establishing encryption parameters for the column, wherein encryption parameters include encryption mode, key length, and integrity type by:

entering encryption parameters for the column manually; and
recovering encryption parameters for the column from a profile table in the database system.



33. (Previously presented) The method of claim 26, wherein upon receiving a request from the security administrator specifying the column to be encrypted, if the column currently contains data, the method further comprises:

decrypting the column using an old key if the column was previously encrypted; and

encrypting the column using a new key.
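As an added illustration of the storage, retrieval, role-separation and re-keying steps of claims 25 through 33 (this is not code from the application; the class name, role names, keyfile layout and the HMAC-based keystream standing in for DES/3DES are all assumptions), a Python sketch of a column-encrypting store with a keyed digest for tamper detection:

```python
import hmac, hashlib, os

# Constructed example: a toy database in which every column is designated as
# encrypted, keys live in a keyfile addressed by a key identifier kept as column
# metadata, and a keyed digest stored beside each ciphertext detects tampering.
# The stand-in cipher is an HMAC-SHA256 keystream (stdlib has no DES/3DES).

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for i, j in enumerate(range(0, len(data), 32)):
        pad = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[j:j + 32], pad))
    return bytes(out)

class EncryptedColumnDB:
    def __init__(self, keyfile, column_key_ids, roles):
        self.keyfile = keyfile        # key_id -> key, managed by the security administrator
        self.meta = column_key_ids    # column -> key_id, i.e. metadata on the table
        self.roles = roles            # person -> one role; a person holds a single role
        self.rows = {c: [] for c in column_key_ids}

    def _seal(self, key, data):
        nonce = os.urandom(8)   # keyed digest: stored value reveals no plain hash of the cell
        return nonce, _keystream_xor(key, nonce, data), hmac.new(key, data, hashlib.sha256).digest()

    def store(self, column, data: bytes):
        # Transparent to the caller: digest, encrypt, then store the cell.
        self.rows[column].append(self._seal(self.keyfile[self.meta[column]], data))
        return len(self.rows[column]) - 1

    def _open(self, column, index, key):
        nonce, ciphertext, digest = self.rows[column][index]
        data = _keystream_xor(key, nonce, ciphertext)
        if not hmac.compare_digest(digest, hmac.new(key, data, hashlib.sha256).digest()):
            raise ValueError("digest mismatch: encrypted data was tampered with")
        return data

    def retrieve(self, column, index, person):
        # Database and security administrators are refused; authorized users may decrypt.
        if self.roles[person] in ("dba", "security_admin"):
            raise PermissionError(f"{person} may not decrypt column {column}")
        return self._open(column, index, self.keyfile[self.meta[column]])

    def rekey(self, column, new_key_id):
        # Decrypt every cell with the old key (verifying its digest), re-encrypt with the new one.
        old, new = self.keyfile[self.meta[column]], self.keyfile[new_key_id]
        self.rows[column] = [self._seal(new, self._open(column, i, old))
                             for i in range(len(self.rows[column]))]
        self.meta[column] = new_key_id
```

Because re-keying verifies each digest before re-encrypting, a cell tampered with under the old key is reported rather than silently re-sealed under the new one.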



34. (Currently amended) A computer-readable storage medium storing instructions that when executed by a computer causes the computer to perform a method for managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, the method comprising:

receiving a request at the database system to store data in the database system;

wherein the request is directed to storing data in a portion of the database system that has been designated as encrypted;

in response to receiving the request,

creating a digest of the data, and

automatically encrypting data within the database system using an encryption function to produce an encrypted data; and

storing the encrypted data in the database system;

wherein the digest is used to detect tampering with the encrypted data.

35. (Previously presented) The computer-readable storage medium of claim 34,

wherein the portion of the database system that has been designated as encrypted includes a column of the database system;

wherein the encryption function uses a key stored in a keyfile managed by a security administrator; and

wherein the encrypted data is stored using a storage function of the database system.

36. (Previously presented) The computer-readable storage medium of claim 35, the method further comprising:

receiving a request to retrieve data from the column of the database system;

if the request to retrieve data is received from a database administrator, preventing the database administrator from decrypting the encrypted data;

if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting the encrypted data; and

if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt the encrypted data.

37. (Previously presented) The computer-readable storage medium of claim 35, wherein the security administrator selects one of, data encryption standard (DES) and triple DES as a mode of encryption for the column.

38. (Previously presented) The computer-readable storage medium of claim 35, wherein the security administrator, a database administrator, and a user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.



39. (Previously presented) The computer-readable storage medium of claim 35, wherein managing the keyfile includes, but is not limited to:

creating the keyfile;

establishing a plurality of keys to be stored in the keyfile;

establishing a relationship between a key identifier and the key stored in the keyfile;

storing the keyfile in one of,
an encrypted file in the database system, and
a location separate from the database system; and

moving an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.
40. (Previously presented) The computer-readable storage medium of claim 39, wherein the key identifier associated with the column is stored as metadata associated with a table containing the column within the database system.

41. (Previously presented) The computer-readable storage medium of claim 39, wherein the method further comprises establishing encryption parameters for the column, wherein encryption parameters include encryption mode, key length, and integrity type by:

entering encryption parameters for the column manually; and
recovering encryption parameters for the column from a profile table in the database system.

42. (Previously presented) The computer-readable storage medium of claim 35, wherein upon receiving a request from the security administrator specifying the column to be encrypted, if the column currently contains data, the method further comprises:

decrypting the column using an old key if the column was previously encrypted; and

encrypting the column using a new key.

43. (Currently amended) An apparatus that facilitates managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, comprising:

a receiving mechanism that is configured to receive a request at the database system to store data in the database system;

wherein the request is directed to storing data in a portion of the database system that has been designated as encrypted;

a digest creating mechanism configured to create a digest of the data;

an encrypting mechanism that is configured to automatically encrypt data within the database system using an encryption function to produce an encrypted data; and

a storing mechanism that is configured to store the encrypted data in the database system;

wherein the digest is used to detect tampering with the encrypted data.

44. (Previously presented) The apparatus of claim 43,

wherein the portion of the database system that has been designated as encrypted includes a column of the database system;

wherein the encryption function uses a key stored in a keyfile managed by a security administrator; and

wherein the encrypted data is stored using a storage function of the database system.

45. (Previously presented) The apparatus of claim 44, further comprising:

the receiving mechanism that is further configured to receive a request to retrieve data from the column of the database system;

an access mechanism that is configured to prevent a database administrator and the security administrator from decrypting the encrypted data; and

wherein the access mechanism is configured to allow an authorized user of the database system to decrypt the encrypted data.

46. (Previously presented) The apparatus of claim 44, further comprising a selection mechanism that is configured to select one of, data encryption standard (DES) and triple DES as a mode of encryption for the column.
47. (Previously presented) The apparatus of claim 44, wherein the security administrator, a database administrator, and a user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.

48. (Previously presented) The apparatus of claim 44, further comprising:

a creating mechanism that is configured to create the keyfile;

an establishing mechanism that is configured to establish a plurality of keys to be stored in the keyfile;

wherein the establishing mechanism is further configured to establish a relationship between a key identifier and the key stored in the keyfile;

wherein the storing mechanism is further configured to store the keyfile in one of,
an encrypted file in the database system, and
a location separate from the database system; and

a moving mechanism that is configured to move an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.

49. (Previously presented) The apparatus of claim 48, wherein the key identifier associated with the column is stored as metadata associated with a table containing the column within the database system.

50. (Previously presented) The apparatus of claim 48, wherein the establishing mechanism is further configured to establish encryption parameters for the column, wherein encryption parameters include encryption mode, key length, and integrity type, and wherein the establishing mechanism includes:

an entering mechanism that is configured to enter encryption parameters for the column manually; and

a recovering mechanism that is configured to recover encryption parameters for the column from a profile table in the database system.



51. (Previously presented) The apparatus of claim 44, further comprising:

a decrypting mechanism that is configured to decrypt the column using a previous key if the column was previously encrypted; and

wherein the encrypting mechanism is further configured to encrypt the column using a new key.